Template talk:User PGP

Overflow
Stopped the box overflowing into three lines. 131.111.195.8 23:27, 27 May 2006 (UTC)

Any reason not to use to automatically fill in the user name? Jobarts-Talk 05:00, 30 March 2006 (UTC)
 * Nope, and the default has been that way for a little while now [[image:smile.gif]] -- Avi 02:05, 21 May 2007 (UTC)

Changed template
I changed the template to accept the 8 digit key ID (with the 0x prefix), and it calls the key from the keyserver at PGP.NIC.AD.JP. That keyserver does not require port 11371 to be open. However, if someone's key is not on that server, it will not be found. Does anyone see a need to build logic in to accept another website? -- Avi 20:22, 9 May 2007 (UTC)


 * Logic built in. URL should be everything up to the "lookup" clause. -- Avi 02:05, 21 May 2007 (UTC)

Userbox
Went ahead and made this a userbox, rather than a div that happens to do the same thing. Max.diems (talk) 19:59, 2 February 2008 (UTC)

Auto-cat
In general, auto cats are not recommended due to WP:UBX. I believe this template (and other PGP templates) should be an exception because it is also used as a, possibly more robust, version of committed identities, and the best way to expand the web of trust in wikipedia is to be able to see, quickly, who has keys and where they are posted. -- Avi (talk) 07:33, 13 March 2008 (UTC)
 * I suppose that makes sense as opposed to all of the other ones I've removed. We can revert my changes if you'd like. ^demon[omg plz] 10:31, 13 March 2008 (UTC)
 * Thanks, ^demon. -- Avi (talk) 12:29, 13 March 2008 (UTC)

Question
@"In order to prevent the key from being tampered with, the public key should be hosted off-Wikipedia." - Why would it be harder to tamper with a key ID compared to tampering with a public key itself? Wouldn't in both cases any tampering show up in the page history? And if you use the secure server, couldn't you verify that the posted key is the key you supplied in both cases? And isn't it true that it's easier for a keyserver to attach a different key to a key ID than to crack a public key itself? And that this wouldn't be visible in the page history? Shinobu (talk) 09:45, 25 April 2008 (UTC)
 * Short answers: It's not, Yes, Yes, I do not think so, Perhaps.
 * Long Answer: You are correct, in as much as long as the key is posted on secure keyservers it should not matter. In actuality. I have changed to posting the ASCII-armored version of my key on wiki because the server versions have a large number of expired signatures on them, and I post a "cleaned" version. Either way, if you think that text is misleading--change it :) -- Avi (talk) 14:35, 25 April 2008 (UTC)
 * I might, but I don't consider myself an expert on cryptography... So while I'm pretty sure you're probably mostly right, I'm kind of hesitant to pass this advice on to other Wikipedians. In case it turns out that I was mistaken or overlooked a subtlety or something. I should read a good book on crypto one day. Although I think I will use a public key instead of a key ID on my userpage, when I get around to actually generate a new key, etc. Thanks for the swift response by the way. Shinobu (talk) 17:43, 7 May 2008 (UTC)
 * A pleasure, and I removed that sentence from the doc too. :) -- Avi (talk) 18:09, 7 May 2008 (UTC)

8 digit
Given that there are a few 8 digit keys IDs collisions, it might have sense to suggest using 16 digits or even the full fingerprint. It's not like it clutters space on screen, it's only in the link. (and it does work already with current code) --Lapo Luchini (talk) 01:27, 7 January 2011 (UTC)
 * Good point, done. -- Avi (talk) 02:32, 7 January 2011 (UTC)